April 13, 2018 •
As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.
Active Monitoring • Compliance
December 12, 2017 •
Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.
Compliance • Network Security • Vulnerability Management
October 30, 2017 •
On October 5th, 1953, the New York Yankees became the only team in baseball history to win five championships in a row. Today I’m pleased to tell you that ControlScan has passed the PCI Approved Scanning Vendor (ASV) revalidation test, also for the fifth consecutive year!This was no easy feat. Read on to learn how we did it.
Compliance • Vulnerability Management
August 16, 2017 •
I’ve been an information security assessor (PCI, HIPAA, ISO, etc.) for a long time and it’s always interesting to find out why a company has brought me in to do an assessment.Is the goal to shore up their existing security environment, or just check a compliance box to make one of their clients or vendors happy? The answer to that question will usually determine the assessment’s success.
Compliance • Security Assessments